20170512 Vulnerable Plugins/Themes Report
 Share
The version of the browser you are using is no longer supported. Please upgrade to a supported browser.Dismiss

 
View only
 
 
ABCDEFGHIJKLMNOPQRSTUVWXYZAAAB
1
NameVersion(s) Affected
Fixed in Version
Plugin DirectoryVulnerabilityLink/Plugin StatusSuggested ActionPlugin/ThemeOther NotesSource
2
User Access Managerall versionsunfixeduser-access-managerAuthenticated Reflected Cross-Site Scripting
https://wordpress.org/plugins/user-access-manager/
RemovePlugin
http://www.defensecode.com/advisories/DC-2017-01-021_WordPress_User_Access_Manager_Plugin_Advisory.pdf
3
Tracking Code Managerall versionsunfixedtracking-code-managerAuthenticated Reflected Cross-Site Scripting
https://wordpress.org/plugins/tracking-code-manager/
RemovePlugin
http://www.defensecode.com/advisories/DC-2017-01-020_WordPress_Tracking_Code_Manager_Plugin_Advisory.pdf
4
Tracking Code Managerall versionsunfixedtracking-code-managerCross Site Request Forgery
https://wordpress.org/plugins/tracking-code-manager/
RemovePlugin
http://www.defensecode.com/advisories/DC-2017-01-020_WordPress_Tracking_Code_Manager_Plugin_Advisory.pdf
5
Tracking Code Managerall versionsunfixedtracking-code-managerDenial of Service
https://wordpress.org/plugins/tracking-code-manager/
RemovePlugin
http://www.defensecode.com/advisories/DC-2017-01-020_WordPress_Tracking_Code_Manager_Plugin_Advisory.pdf
6
MSMC – Redirect After Comment
all versionsunfixed
msmc-redirect-after-comment
Unauthenticated Stored Cross-Site ScriptingPlugin removed from repositoryRemovePlugin
Plugin looks to be abandoned
http://seclists.org/fulldisclosure/2017/May/26
7
Download Monitor1.9.6 and earlier1.9.7download-monitorUnauthenticated Download of log files
https://wordpress.org/plugins/download-monitor/
UpdatePlugin
Changelog: https://wordpress.org/plugins/download-monitor/#developers
8
Clean Login1.7.12 and earlier1.8clean-login
Cross Site Request Forgery resulting in unvalidated redirect
https://wordpress.org/plugins/clean-login/UpdatePlugin
http://seclists.org/fulldisclosure/2017/May/23
9
RSS Post Importer2.5.1 and earlier2.5.2rss-post-importerCross-Site Scripting
https://wordpress.org/plugins/rss-post-importer/
UpdatePlugin
Changelog: https://wordpress.org/plugins/rss-post-importer/#developers
10
Huge IT Forms1.4.7 and earlier1.4.8forms-contactSQL Injection
https://wordpress.org/plugins/forms-contact/
UpdatePlugin
Changelog: https://wordpress.org/plugins/forms-contact/#developers
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
Loading...
 
 
 
Sheet1